Diffstat (limited to 'src/mongo')
-rw-r--r-- | src/mongo/SConscript | 6 | ||||
-rw-r--r-- | src/mongo/client/auth_helpers.cpp | 68 | ||||
-rw-r--r-- | src/mongo/client/auth_helpers.h | 48 | ||||
-rw-r--r-- | src/mongo/db/auth/SConscript | 8 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager.cpp | 1 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager_global.cpp | 6 | ||||
-rw-r--r-- | src/mongo/db/auth/authorization_manager_global.h | 5 | ||||
-rw-r--r-- | src/mongo/db/auth/authz_manager_external_state_s.cpp | 67 | ||||
-rw-r--r-- | src/mongo/db/auth/user_management_commands_parser.cpp | 1 |
9 files changed, 65 insertions, 145 deletions
diff --git a/src/mongo/SConscript b/src/mongo/SConscript index 2c36a0c2927..1fcc377fe7f 100644 --- a/src/mongo/SConscript +++ b/src/mongo/SConscript @@ -272,9 +272,6 @@ env.CppUnitTest( 'range_arithmetic' ]) -env.Library('auth_helpers', ['client/auth_helpers.cpp'], - LIBDEPS=['clientdriver']) - env.Library('global_optime', ['db/global_optime.cpp']) env.Library('spin_lock', ["util/concurrency/spin_lock.cpp"]) @@ -453,8 +450,7 @@ env.Library("fail_point", LIBDEPS=["foundation", "bson"]) env.Library('mongocommon', commonFiles, - LIBDEPS=['auth_helpers', - 'bson', + LIBDEPS=['bson', 'background_job', 'clientdriver', 'fail_point', diff --git a/src/mongo/client/auth_helpers.cpp b/src/mongo/client/auth_helpers.cpp deleted file mode 100644 index 80353e46207..00000000000 --- a/src/mongo/client/auth_helpers.cpp +++ /dev/null 
@@ -1,68 +0,0 @@ -/* Copyright 2013 10gen Inc. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * - * As a special exception, the copyright holders give permission to link the - * code of portions of this program with the OpenSSL library under certain - * conditions as described in each individual source file and distribute - * linked combinations including the program with the OpenSSL library. You - * must comply with the GNU Affero General Public License in all respects - * for all of the code used other than as permitted herein. If you modify - * file(s) with this exception, you may extend this exception to your - * version of the file(s), but you are not obligated to do so. If you do not - * wish to do so, delete this exception statement from your version. If you - * delete this exception statement from all source files in the program, - * then also delete it in the license file. 
- */ - -#include "mongo/client/auth_helpers.h" - -#include "mongo/db/auth/authorization_manager.h" - -namespace mongo { -namespace auth { - - const std::string schemaVersionServerParameter = "authSchemaVersion"; - - Status getRemoteStoredAuthorizationVersion(DBClientBase* conn, int* outVersion) { - try { - BSONObj cmdResult; - conn->runCommand( - "admin", - BSON("getParameter" << 1 << schemaVersionServerParameter << 1), - cmdResult); - if (!cmdResult["ok"].trueValue()) { - std::string errmsg = cmdResult["errmsg"].str(); - if (errmsg == "no option found to get" || - StringData(errmsg).startsWith("no such cmd")) { - - *outVersion = 1; - return Status::OK(); - } - int code = cmdResult["code"].numberInt(); - if (code == 0) { - code = ErrorCodes::UnknownError; - } - return Status(ErrorCodes::Error(code), errmsg); - } - BSONElement versionElement = cmdResult[schemaVersionServerParameter]; - if (versionElement.eoo()) - return Status(ErrorCodes::UnknownError, "getParameter misbehaved."); - *outVersion = versionElement.numberInt(); - return Status::OK(); - } catch (const DBException& e) { - return e.toStatus(); - } - } -} // namespace auth -} // namespace mongo diff --git a/src/mongo/client/auth_helpers.h b/src/mongo/client/auth_helpers.h deleted file mode 100644 index fe5491aafe7..00000000000 --- a/src/mongo/client/auth_helpers.h +++ /dev/null 
@@ -1,48 +0,0 @@ -/* Copyright 2013 10gen Inc. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * - * As a special exception, the copyright holders give permission to link the - * code of portions of this program with the OpenSSL library under certain - * conditions as described in each individual source file and distribute - * linked combinations including the program with the OpenSSL library. You - * must comply with the GNU Affero General Public License in all respects - * for all of the code used other than as permitted herein. If you modify - * file(s) with this exception, you may extend this exception to your - * version of the file(s), but you are not obligated to do so. If you do not - * wish to do so, delete this exception statement from your version. If you - * delete this exception statement from all source files in the program, - * then also delete it in the license file. - */ - -#pragma once - -#include "mongo/base/status.h" -#include "mongo/client/dbclientinterface.h" - -namespace mongo { -namespace auth { - - /** - * Retrieves the schema version of the persistent data describing users and roles from the - * remote server connected to with conn. - */ - Status getRemoteStoredAuthorizationVersion(DBClientBase* conn, int* outVersion); - - /** - * Name of the server parameter used to report the auth schema version (via getParameter). 
- */ - extern const std::string schemaVersionServerParameter; - -} // namespace auth -} // namespace mongo diff --git a/src/mongo/db/auth/SConscript b/src/mongo/db/auth/SConscript index 2f15a110423..2d472c696e9 100644 --- a/src/mongo/db/auth/SConscript +++ b/src/mongo/db/auth/SConscript @@ -28,8 +28,7 @@ env.Library('authcore', ['action_set.cpp', 'user_management_commands_parser.cpp', 'user_name.cpp', 'user_set.cpp'], - LIBDEPS=['$BUILD_DIR/mongo/auth_helpers', - '$BUILD_DIR/mongo/base/base', + LIBDEPS=['$BUILD_DIR/mongo/base/base', '$BUILD_DIR/mongo/bson', '$BUILD_DIR/mongo/db/common', '$BUILD_DIR/mongo/db/ops/update_driver', @@ -56,7 +55,10 @@ env.Library('saslauth', 'sasl_plain_server_conversation.cpp', 'sasl_scramsha1_server_conversation.cpp', 'sasl_server_conversation.cpp'], - LIBDEPS=['authcore', '$BUILD_DIR/mongo/crypto/scramauth']) + LIBDEPS=[ + 'authcore', + '$BUILD_DIR/mongo/crypto/scramauth', + '$BUILD_DIR/mongo/network']) env.Library('authmongod', ['authz_manager_external_state_d.cpp', diff --git a/src/mongo/db/auth/authorization_manager.cpp b/src/mongo/db/auth/authorization_manager.cpp index 2a4ef685acb..fa3dc088c49 100644 --- a/src/mongo/db/auth/authorization_manager.cpp +++ b/src/mongo/db/auth/authorization_manager.cpp @@ -43,7 +43,6 @@ #include "mongo/bson/mutable/document.h" #include "mongo/bson/mutable/element.h" #include "mongo/bson/util/bson_extract.h" -#include "mongo/client/auth_helpers.h" #include "mongo/crypto/mechanism_scram.h" #include "mongo/db/auth/action_set.h" #include "mongo/db/auth/authz_documents_update_guard.h" diff --git a/src/mongo/db/auth/authorization_manager_global.cpp b/src/mongo/db/auth/authorization_manager_global.cpp index 5e6c680cd16..91ccec7ba0d 100644 --- a/src/mongo/db/auth/authorization_manager_global.cpp +++ b/src/mongo/db/auth/authorization_manager_global.cpp 
@@ -30,7 +30,6 @@ #include "mongo/base/disallow_copying.h" #include "mongo/base/init.h" -#include "mongo/client/auth_helpers.h" #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/authorization_manager_global.h" #include "mongo/db/server_parameters.h" @@ -53,7 +52,7 @@ namespace { MONGO_NO_PREREQUISITES, ("BeginStartupOptionParsing"))(InitializerContext*) { new AuthzVersionParameter(ServerParameterSet::getGlobal(), - auth::schemaVersionServerParameter); + authSchemaVersionServerParameter); return Status::OK(); } @@ -75,8 +74,11 @@ namespace { Status AuthzVersionParameter::setFromString(const std::string& newValueString) { return Status(ErrorCodes::InternalError, "set called on unsettable server parameter"); } + } // namespace + const std::string authSchemaVersionServerParameter = "authSchemaVersion"; + void setGlobalAuthorizationManager(AuthorizationManager* authManager) { fassert(16841, globalAuthManager == NULL); globalAuthManager = authManager; diff --git a/src/mongo/db/auth/authorization_manager_global.h b/src/mongo/db/auth/authorization_manager_global.h index 0b13533265e..08ce75d1da6 100644 --- a/src/mongo/db/auth/authorization_manager_global.h +++ b/src/mongo/db/auth/authorization_manager_global.h @@ -32,6 +32,11 @@ namespace mongo { + /** + * Name of the server parameter used to report the auth schema version (via getParameter). + */ + extern const std::string authSchemaVersionServerParameter; + // Gets the singleton AuthorizationManager object for this server process. AuthorizationManager* getGlobalAuthorizationManager(); diff --git a/src/mongo/db/auth/authz_manager_external_state_s.cpp b/src/mongo/db/auth/authz_manager_external_state_s.cpp index 500f8b9b9eb..56b485c16f4 100644 --- a/src/mongo/db/auth/authz_manager_external_state_s.cpp +++ b/src/mongo/db/auth/authz_manager_external_state_s.cpp 
@@ -36,9 +36,9 @@ #include <boost/scoped_ptr.hpp> #include <string> -#include "mongo/client/auth_helpers.h" #include "mongo/client/dbclientinterface.h" #include "mongo/db/auth/authorization_manager.h" +#include "mongo/db/auth/authorization_manager_global.h" #include "mongo/db/auth/user_name.h" #include "mongo/db/jsobj.h" #include "mongo/s/catalog/catalog_manager.h" 
@@ -56,35 +56,68 @@ namespace mongo { using std::endl; using std::vector; - AuthzManagerExternalStateMongos::AuthzManagerExternalStateMongos() {} +namespace { - AuthzManagerExternalStateMongos::~AuthzManagerExternalStateMongos() {} + ScopedDbConnection* getConnectionForAuthzCollection(const NamespaceString& ns) { + // + // Note: The connection mechanism here is *not* ideal, and should not be used elsewhere. + // If the primary for the collection moves, this approach may throw rather than handle + // version exceptions. + // - Status AuthzManagerExternalStateMongos::initialize(OperationContext* txn) { - return Status::OK(); - } + DBConfigPtr config = grid.getDBConfig(ns.ns()); + Shard s = config->getShard(ns.ns()); - namespace { - ScopedDbConnection* getConnectionForAuthzCollection(const NamespaceString& ns) { - // - // Note: The connection mechanism here is *not* ideal, and should not be used elsewhere. - // If the primary for the collection moves, this approach may throw rather than handle - // version exceptions. 
- // + return new ScopedDbConnection(s.getConnString(), 30.0); + } - DBConfigPtr config = grid.getDBConfig(ns.ns()); - Shard s = config->getShard(ns.ns()); + Status getRemoteStoredAuthorizationVersion(DBClientBase* conn, int* outVersion) { + try { + BSONObj cmdResult; + conn->runCommand( + "admin", + BSON("getParameter" << 1 << authSchemaVersionServerParameter << 1), + cmdResult); + if (!cmdResult["ok"].trueValue()) { + std::string errmsg = cmdResult["errmsg"].str(); + if (errmsg == "no option found to get" || + StringData(errmsg).startsWith("no such cmd")) { - return new ScopedDbConnection(s.getConnString(), 30.0); + *outVersion = 1; + return Status::OK(); + } + int code = cmdResult["code"].numberInt(); + if (code == 0) { + code = ErrorCodes::UnknownError; + } + return Status(ErrorCodes::Error(code), errmsg); + } + BSONElement versionElement = cmdResult[authSchemaVersionServerParameter]; + if (versionElement.eoo()) + return Status(ErrorCodes::UnknownError, "getParameter misbehaved."); + *outVersion = versionElement.numberInt(); + return Status::OK(); + } catch (const DBException& e) { + return e.toStatus(); } } +} // namespace + + AuthzManagerExternalStateMongos::AuthzManagerExternalStateMongos() {} + + AuthzManagerExternalStateMongos::~AuthzManagerExternalStateMongos() {} + + Status AuthzManagerExternalStateMongos::initialize(OperationContext* txn) { + return Status::OK(); + } + Status AuthzManagerExternalStateMongos::getStoredAuthorizationVersion( OperationContext* txn, int* outVersion) { try { scoped_ptr<ScopedDbConnection> conn(getConnectionForAuthzCollection( AuthorizationManager::usersCollectionNamespace)); - Status status = auth::getRemoteStoredAuthorizationVersion(conn->get(), outVersion); + Status status = getRemoteStoredAuthorizationVersion(conn->get(), outVersion); conn->done(); return status; } diff --git a/src/mongo/db/auth/user_management_commands_parser.cpp b/src/mongo/db/auth/user_management_commands_parser.cpp index 7ca29d56c39..eecef9d9301 100644 
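Review bot: In `getRemoteStoredAuthorizationVersion`, as it now sits in the anonymous namespace of authz_manager_external_state_s.cpp, the reply's version field is only tested for presence with `eoo()` before `numberInt()` is written to `*outVersion`. A field that is present but not numeric would, as far as I know, come back from `numberInt()` as 0 and be returned with `Status::OK()`, so the auth schema version that mongos acts on is never type-checked. Replacing the `eoo()` test with `if (!versionElement.isNumber()) return Status(ErrorCodes::UnknownError, "getParameter misbehaved.");` fails closed instead. The fallback to version 1 is also keyed on free-form error text from the remote (`"no option found to get"`, `"no such cmd"`). Now that the doc comment in the deleted auth_helpers.h is gone, that choice deserves a comment on the function, for example `// Servers that do not know the authSchemaVersion parameter are treated as schema version 1.` if that is the intent.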
--- a/src/mongo/db/auth/user_management_commands_parser.cpp +++ b/src/mongo/db/auth/user_management_commands_parser.cpp @@ -33,7 +33,6 @@ #include "mongo/base/status.h" #include "mongo/bson/util/bson_extract.h" -#include "mongo/client/auth_helpers.h" #include "mongo/db/auth/action_type.h" #include "mongo/db/auth/authorization_manager.h" #include "mongo/db/auth/privilege.h" |